-
Notifications
You must be signed in to change notification settings - Fork 8
152 lines (146 loc) · 6.16 KB
/
continuous-deployment.yml
File metadata and controls
152 lines (146 loc) · 6.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# Workflow for building Next.js site and downloading DocumentDB packages, then deploying to GitHub Pages
name: Deploy Next.js site and DocumentDB packages to Pages
on:
# Runs on pushes targeting the default branch
push:
branches:
- main
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
concurrency:
group: pages
cancel-in-progress: false
jobs:
# Build job
build:
name: Build Next.js static site
# Sets permissions of the GITHUB_TOKEN to allow reading of repository content
permissions:
contents: read
runs-on: ubuntu-22.04
steps:
- name: Checkout source
uses: actions/checkout@v5
- name: Install required packages
run: |
until sudo apt-get update; do sleep 1; done
sudo apt-get install -y createrepo-c dpkg-dev dpkg-sig gnupg2 python3
- name: Setup GPG
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
continue-on-error: true
- name: Set GPG fingerprint and version config
run: |
# Configure GPG signing
if [ -n "${{ steps.import_gpg.outputs.fingerprint }}" ]; then
echo "GPG_FINGERPRINT=${{ steps.import_gpg.outputs.fingerprint }}" >> $GITHUB_ENV
echo "✅ GPG key loaded successfully"
echo " Fingerprint: ${{ steps.import_gpg.outputs.fingerprint }}"
echo " Key ID: ${{ steps.import_gpg.outputs.keyid }}"
echo " User ID: ${{ steps.import_gpg.outputs.name }} <${{ steps.import_gpg.outputs.email }}>"
else
echo "⚠️ No GPG key configured - packages will not be signed"
echo " To enable signing, add GPG_PRIVATE_KEY to repository secrets"
fi
# Configure DocumentDB version (can be overridden by repository variables)
echo "DOCUMENTDB_VERSION=${{ vars.DOCUMENTDB_VERSION || 'latest' }}" >> $GITHUB_ENV
echo "MULTI_VERSION=${{ vars.MULTI_VERSION || 'true' }}" >> $GITHUB_ENV
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: 24
cache: npm
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3
bundler-cache: true
- name: Restore cache
uses: actions/cache@v4
with:
path: |
.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
- name: Install dependencies
run: npm ci
- name: Build with Next.js
env:
NEXT_BASE_PATH: ${{ github.event.repository.name }}
JEKYLL_BASE_PATH: /${{ github.event.repository.name }}/blogs
run: npm run build
- name: Download DocumentDB packages from latest release
run: .github/scripts/download_packages.sh
- name: Verify generated package components
run: |
set -euo pipefail
python3 - <<'PY'
import json
from pathlib import Path
release_info = Path("out/packages/release-info.json")
if not release_info.exists():
raise SystemExit("release-info.json was not generated")
data = json.loads(release_info.read_text())
assets = [asset["name"] for asset in data.get("assets", [])]
components = ("deb11", "deb12", "deb13", "ubuntu22", "ubuntu24")
for component in components:
has_assets = any(
name.endswith(".deb")
and (
name.startswith(f"{component}-")
or name.startswith(f"{component}.04-")
)
for name in assets
)
if not has_assets:
continue
for arch in ("amd64", "arm64"):
packages = Path(f"out/deb/dists/stable/{component}/binary-{arch}/Packages")
packages_gz = Path(f"out/deb/dists/stable/{component}/binary-{arch}/Packages.gz")
if not packages.exists() or not packages_gz.exists():
raise SystemExit(
f"Missing APT metadata for {component} {arch}: "
f"{packages} / {packages_gz}"
)
release_file = Path("out/deb/dists/stable/Release")
if release_file.exists() and any(name.startswith("deb13-") and name.endswith(".deb") for name in assets):
release_text = release_file.read_text()
if "deb13" not in release_text:
raise SystemExit("deb13 assets exist but deb13 is missing from the APT Release file")
PY
- name: Upload artifact
uses: actions/upload-pages-artifact@v3
with:
path: ./out
# Deployment job
deploy:
name: Publish site to GitHub Pages
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs:
- build
# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
permissions:
pages: write
id-token: write
steps:
- name: Setup Pages
uses: actions/configure-pages@v5
with:
# Automatically inject basePath in your Next.js configuration file and disable
# server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized).
#
# You may remove this line if you want to manage the configuration yourself.
static_site_generator: next
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v4